Security FAQ

Where is Gallabox hosted?

We are hosted on Amazon Web Services, which is hosts the most of the fortune 500 companies across the globe.

Customer data is stored in U.S. data center. Some data (HTML pages & assets) may be cached in other geographies by our CDN. Access to private content through our CDN is always validated through our application servers using a complex permissions system.

AWS follows or even leads most of the industry's best-practices and is compliant with most major security standards and certifications.

Is customer data encrypted?

Yes, all customer data is encrypted at rest and in-transit:

• In transit, we use HTTPS to encrypt all traffic served to end-users.

• At rest on MongoDB Atlas database, using multiple layers of AES256.

How are users authenticated?

By default, all customer data, unless explicitly public, can only be accessed by authenticated users with valid permissions.

You can control and restrict access through our Role and Permission feature, allowing you to invite external members to join your account and collaborate, whilst restricting their access to a chosen subset of your channels and modules.

What other 3rd-party services process data?

Gallabox leverages the following 3rd-party services and APIs:

• Stripe for payments

• Zoho Desk for support

• Amplitude for Analytics

• AWS and Heroku for hosting (date & compute)

• MongoDB Atlas for database

Since these services provide the highest standards and are regularly externally audited, Gallabox does not audit them by its own means.